IOHK’s Charles Hoskinson hosted an AMA session on YouTube where the entrepreneur spoke about Cardano’s much-awaited update releases. He began by assuring his viewers of the completion of the ‘Shelley era’ by 2020 as planned.
When asked for his take on the “Justin Sun’s lunch back out,” Hoskinson drew a comparison with his previous $5 million investment, saying,
“I spent $5 million of project capital to basically set an entire smart contract research and development program for well more than the year, with 19 people and some of the world’s top scientists. What’s more useful to your ecosystem?”
While emphasizing Shelley’s launch as a top priority, Hoskinson hinted at several (on hold) projects that will be built/launched after Shelley provides the required infrastructure for his company. Going forward, the crypto advocate also highlighted gold’s foundational problem of ownership and in-house storage. He added,
“That’s why I love crypto because Bitcoin, at this point basically digital gold, it’s not going away. It has that same value proposition. You can get so much better security out of Bitcoin than you ever could on physical gold.”
In the AMA, he also addressed some lighter topics, but the session still revealed Cardano’s aggressive stance toward infrastructure development. Moreover, the one-sided conversation between Hoskinson and his viewers sparked a new level of confidence among the ADA community as Shelley’s 2020 launch promises related innovations that may reward the hodlers.
Understanding the exploit that made EOS.IO “unusable” for two hours
On Sept. 13, an attacker flooded the EOSIO network to drain $110,000 in EOS from a gambling dApp. During the process, many user-facing applications were unusable due to congestion. Here’s how the hacker did it, in detail.
Basics of the network congestion exploit
Four days ago, an attacker pushed the EOS network into “high congestion mode” as part of a smart contract exploit. The maneuver temporarily made some free network resources unavailable, making many applications on the network “unusable” to smaller token holders for over two hours.
Although the network was still accessible (for example, a block explorer would still work), many were “prevented from publishing updates” or “doing anything actively on the chain” unless they paid for prohibitively costly network resources.
At the peak of network congestion, it required nearly 12 EOS to make a single feeless transaction on the network, said one community member. For context, most blockchains attach a fee directly to transactions, whereas EOSIO allows users to stake their tokens in exchange for network resources.
The attacker was able to rent a huge amount of network resources on a recently opened resource exchange. These resources were leveraged to select which valid transactions would get included on the blockchain to manipulate gambling dApp outcomes.
During this time, the maintainers of the gambling dApp did not have enough EOS on hand to take their contract offline (or take any preventative actions at all). This allowed the attacker to drain the smart contract for 30,000 EOS, at the cost of 300 EOS in rented network resources, at their leisure.
Identifying the attacker
Beginning Aug. 17, the user “mumachayinmm” started conducting tests against a variety of gambling dApps. After just under a month of testing, mumachayinmm rented the equivalent of 1.45 million EOS in network resources.
Previously, this would have required some $5.8 million in tokens. But REX, a new service launched in May, allows users to stake their EOS for security and voting purposes while selling the network resources their stake entitles them to. After REX, 1.45 million EOS in network resources cost just $1,200.
On Sept. 13, mumachayinmm started flooding EOSIO with hundreds of thousands of transactions.
Technical details behind the gambling dApp exploit
EOSPlay is a decentralized gambling dApp that offers games such as poker and dice. What made the service exploitable was how it generated random numbers for these games.
Instead of using a secure source of randomness, EOSPlay used the EOSIO blockchain as its source of entropy. Unfortunately, information on a blockchain can be manipulated.
As an example, on Bitcoin, miners who find a block get to select which transactions are included at their discretion, so long as they’re legal transactions. Theoretically, if a dApp used transactions on Bitcoin to make calculations, then large miners could game it.
On EOSIO, a similar way to manipulate the blockchain is to amass enough network resources to include whichever transactions are desired over all other users.
Specifically, what the attacker did was put deferred transactions into each block, said Dexaran, a respected smart contract developer. These blocks were the ones EOSPlay used to calculate random numbers.
By monopolizing network resources, the attacker could then calculate the random number before the contract could. If the number was a losing number, then the deferred transactions started an “infinite loop,” pushing random number generation to the next block, said Dexaran.
The maneuver allowed mumachayinmm to win on EOSPlay over and over again.
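The weakness described above, next to a hardened alternative, as an added example that is not EOSPlay’s code or part of the original article. The hashing scheme, function names and sample values are assumptions; commit-reveal is a commonly used alternative brought in here, not a fix the article proposes.

```python
import hashlib
import hmac
import secrets

def _to_roll(digest: bytes) -> int:
    """Map a digest to a dice result in 1..100 (modulo bias is negligible at 64 bits)."""
    return int.from_bytes(digest[:8], "big") % 100 + 1

def block_derived_roll(block_id: bytes, bet_id: int) -> int:
    """Weak pattern (assumed scheme): the outcome is a pure function of public chain data."""
    return _to_roll(hashlib.sha256(block_id + bet_id.to_bytes(8, "big")).digest())

def commit(house_seed: bytes) -> bytes:
    """The operator publishes this hash before the bet is accepted."""
    return hashlib.sha256(house_seed).digest()

def commit_reveal_roll(house_seed: bytes, commitment: bytes,
                       player_seed: bytes, bet_id: int) -> int:
    """Hardened pattern: the outcome needs a secret fixed in advance plus player input."""
    # Reject a seed that was swapped after the commitment was published.
    if not hmac.compare_digest(commit(house_seed), commitment):
        raise ValueError("revealed seed does not match the published commitment")
    msg = player_seed + bet_id.to_bytes(8, "big")
    return _to_roll(hmac.new(house_seed, msg, hashlib.sha256).digest())

if __name__ == "__main__":
    # Constructed sample values, not real chain data.
    block_id = bytes.fromhex("00" * 28 + "0badc0de")

    # Everything the weak roll depends on is visible to every network
    # participant, so the result can be recomputed off-chain before settlement.
    print("contract roll:  ", block_derived_roll(block_id, 7))
    print("recomputed roll:", block_derived_roll(block_id, 7))

    # With commit-reveal, public data (commitment, player seed, bet id) is not
    # enough to compute the result until the operator reveals the seed.
    house_seed = secrets.token_bytes(32)
    commitment = commit(house_seed)
    print("commit-reveal roll:",
          commit_reveal_roll(house_seed, commitment, b"player-nonce", 7))
    try:
        commit_reveal_roll(secrets.token_bytes(32), commitment, b"player-nonce", 7)
    except ValueError as err:
        print("rejected:", err)
```

A commit-reveal design also needs a timeout or penalty for an operator who declines to reveal a seed after seeing an unfavourable bet.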
EOSPlay helpless during the attack
To make matters worse, the maintainers behind the gambling dApp did not stake enough EOS to cover their contract operation costs when EOSIO’s conservative mode was triggered. This was an oversight on the part of the maintainers.
With network resources monopolized, the maintainers needed to have enough liquid EOS on hand to ensure a transaction to halt the contract would go through. It appears they didn’t have the tokens on hand, allowing the attacker to bide their time as the contract was drained.
These spam attacks aren’t unique to EOS. Networks such as Bitcoin and Ethereum are also vulnerable to spam attacks should a wealthy token holder wish to pay for them (though they are prohibitively expensive in most cases).
Block.one executives respond
Block.one CTO and creator of EOSIO Daniel Larimer took to Twitter to dispel the “FUD” around the network congestion attacks. He asserted the network was “working as intended.”
Yet, these assertions are in conflict with Larimer’s May 2018 comments while he was touting the “feeless” design of EOSIO:
“On EOSIO, no single user has the ability to saturate the entire network no matter how much money they’re willing to spend.”
Yet, that is exactly what happened during this exploit. The attacker saturated the network by spending a paltry $1,200.
Block.one CEO Brendan Blumer also took to social media to defend EOSIO, though he was rather vague on specific actions until pressed by a community member.
If a user stakes EOS they will always have access to network resources, he claims. But the amount will vary substantially, and when paying customers are using it all, it’ll be necessary to pay to maintain the same level of access, stated Blumer.
The recent exploit raises serious questions about the EOSIO blockchain. Jared Moore, an active community member, asked: If the network is at risk of sudden spikes in resource cost, how much liquid EOS should developers have on hand to ensure they’re protected? Without guidance, dApp developers will continue to be vulnerable to these kinds of exploits, he argued.
Another issue is access. As EOS gains more usage it’s likely the network will eventually enter a state of constant “high congestion mode,” voiced another enthusiast.
This means developers and corporations, rather than small-time users, will dominate access to resources on the network—raising questions as to who the network is built for. These same corporations could also monopolize resources on the network, said Moore, in essence becoming gatekeepers.
On the bright side, such a scenario would make EOS like owning land, said another commentator, giving the token value through the network resources it entitles the owner to.
Dexaran, a security engineer and the creator of the ERC-223 token standard, made the following suggestion to mitigate future congestion attacks on dApps:
“It would be nice to calculate how much EOS you need to put into a ‘reserve’ account to make sure you have access to your contracts even during harsh congestion,” he commented.
Another community member voiced a need for better ways to calculate staked EOS needs under different network conditions:
“The key issue here is that the community has gotten used to the amount of free transactions they receive when the network is relatively unused. We need better estimates of how much EOS you need staked during different network conditions.”
He went on to describe problems with how staking is treated on the network.
“I also have a really big issue with the fact that EOSIO does not prioritize ‘staking’ transactions. When these conditions happen, folks attempting to stake more EOS should be allowed to (once per account) as a priority transaction. When I’ve paid for huge sums of EOS, it’s ridiculous when I get locked out and can’t allocate more to my account. I can’t ‘pay for more’ even if I wanted to.”
Designing a public blockchain is a complicated business. Things will go wrong. Right now, it’s very costly to build useful apps on any blockchain. Block.one executives should take the lead to make the development experience easier and less risky, paving the way for mass adoption, rather than maintaining hardliner positions that ‘nothing’s wrong.’
Ethereum Price (ETH) Touches $200 While Bitcoin Is Declining
- ETH price extended its gains above the $195 resistance level against the US Dollar.
- Bitcoin price is down more than 1.5% and it recently broke the $10,250 support area.
- Yesterday’s highlighted major bullish trend line is active with support near $193 on the hourly chart of ETH/USD (data feed via Kraken).
- The pair is currently consolidating gains and it might soon attempt to climb above the $200 resistance.
Ethereum price is trading higher towards $200 and $205 versus the US Dollar, while bitcoin is declining. ETH price could continue to rise towards $205 or even $210.
Ethereum Price Analysis
Yesterday, we saw a nice upward move in ETH price above the $185 resistance against the US Dollar. Moreover, we discussed the chances of more upsides and a test of the $200 level. The price did climb higher, broke the $195 swing high, and recently traded close to the $200 level. On the other hand, bitcoin remained in a bearish zone and declined below the $10,300 and $10,250 support levels.
Ethereum price formed a new monthly high near $200 and it is currently consolidating gains. An immediate support is near the $197 level. It coincides with the 23.6% Fib retracement level of the last leg from the $189 swing low to $200 high. If there is an extended downside correction, the price could test the $195 support area. Additionally, the 50% Fib retracement level of the last leg from the $189 swing low to $200 high is also near the $195 level.
More importantly, yesterday’s highlighted major bullish trend line is active with support near $193 on the hourly chart of ETH/USD. The main support for Ethereum is near the $185 level (the previous resistance). Therefore, dips remain well supported in the near term towards $195 and $193. On the upside, an immediate resistance is near the $200 handle.
If the price breaks the $200 level, there are high chances of it surpassing the $205 resistance level. The next key resistance is near the $210 level, above which the price could surge towards the $220-$225 zone.
Looking at the chart, Ethereum price is clearly outperforming bitcoin and other altcoins. As long as it is trading above the trend line support and $185, there are chances of more gains. It would be interesting to see how bears react once the price surpasses the $200 barrier and attempts to climb above $205.
ETH Technical Indicators
Hourly MACD – The MACD for ETH/USD is currently in the bullish zone, with positive signs.
Hourly RSI – The RSI for ETH/USD is currently correcting lower and it might test the 60 level.
Major Support Level – $193
Major Resistance Level – $200
Will Dogecoin Price be able to Beat the Bears?
- Dogecoin price is still under bear pressure as seen by the price variations over the past month.
Dogecoin has not been able to sustain its position in the upward range due to constant bear pressure, which has gained strength since the end of June. Over the past month, DOGE has shown a lot of price fluctuations and has traded mostly below the baseline, with prices oscillating between $0.0023 and $0.0029.
Dogecoin Price Predictions
The price of Dogecoin has stayed in the lower range due to bear pressure in the crypto market. From a high of $0.002897 on August 19, 2019, the price fell 18.46% to $0.002360 on August 29. DOGE then recovered 13.68% to $0.002683 on September 09. With the bears holding the upper hand, Dogecoin price fell again over the next 8 days to $0.002319, a drop of 13.64%. Over the following 4 days, DOGE price rose 10.71% to $0.002567. Currently, Dogecoin is trading at $0.002478, which is again lower by 3.84%.
Dogecoin to USD Price Chart
Dogecoin price has seen a lot of variation since the beginning of the year. The price of DOGE moved in a flattish range until the first week of April, when it suddenly rose. Dogecoin had managed to sustain its momentum even as late as July 16, when it was at $0.0032, but by then the bears had grown stronger, and the downslide began for the coin. Analysts expect this volatility to run its course in the short term and feel that DOGE has the potential to bounce back by year-end.
For long-term investors, this is the right time to make their investments. Short-term and day traders should invest cautiously, taking market conditions into account.